122 lines
2.8 KiB
Bash
Executable File
122 lines
2.8 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# ACME PKI (Certificate) Bootstrap v1.3
|
|
#
|
|
# This script will generate all the files necessary to build a certificate chain of trust
|
|
# using a CA, CA Intermediate, Server, and Client certificates. After the bootstrap the other
|
|
# helper scripts will generate new client/server certificates
|
|
#
|
|
|
|
# source this file to include the functions
|
|
. libs/pki_funcs.sh
|
|
|
|
PARAM1=$1
|
|
|
|
usage() {
|
|
echo
|
|
echo "This application will generate all the files necessary to build a certificate chain of trust"
|
|
echo "using a CA, CA Intermediate, Server, and Client certificates. All the files are put into"
|
|
echo "pki lifecyle package"
|
|
echo " -put the .cnf config files into the ./cnf directory"
|
|
echo
|
|
echo "Usage: pki_bootstrap <.cnf file (minus the .cnf)>"
|
|
echo
|
|
echo "Example: pki_bootstrap org.acme.xyz"
|
|
exit 1
|
|
}
|
|
|
|
#
|
|
# CA generation requires .cnf files
|
|
# create CA directory
|
|
# create bash variables to CA
|
|
# restore script back to original path
|
|
#
|
|
app_init() {
|
|
if [[ -n $PARAM1 ]]; then
|
|
# need to know the location of the configuration file (expected to be in same dir path as this script)
|
|
CA_CNF="$CD_ROOT/cnf/ca.cnf"
|
|
|
|
# handle the case of having the ".cnf" extension or not
|
|
if [[ ${PARAM1: -4} == .cnf ]]; then
|
|
ORG_URL=${PARAM1%.*}
|
|
S_CNF=${PARAM1}
|
|
echo "ASDF: ${ORG_URL}, ${S_CNF}"
|
|
else
|
|
ORG_URL=$PARAM1
|
|
S_CNF="${PARAM1}.cnf"
|
|
echo "ZXCV: ${ORG_URL}, ${S_CNF}"
|
|
fi
|
|
|
|
FQ_S_CNF="${CD_ROOT}/cnf/${S_CNF}"
|
|
if [[ ! -f $FQ_S_CNF ]] || [[ ! -f $CA_CNF ]]; then
|
|
usage
|
|
fi
|
|
else
|
|
usage
|
|
fi
|
|
}
|
|
|
|
#
|
|
# IN: UNIQ_ID_CA, SERIAL
|
|
#
|
|
one-time-ca() {
|
|
# params
|
|
#SERIAL="101"
|
|
|
|
get_serial
|
|
echo_block "SERIAL == ${SERIAL}"
|
|
# Organize
|
|
#
|
|
# create a unique path for the server certificate
|
|
UNIQ_DIR_LC=`date +%Y-%m-%d.%H_%M_%S`
|
|
UNIQ_DIR_LC="pki-lifecycle_${UNIQ_DIR_LC}"
|
|
mkdir -p "${UNIQ_DIR_LC}"
|
|
cd "${UNIQ_DIR_LC}"
|
|
|
|
# create certificate
|
|
UNIQ_ID_CA="${SERIAL}.${ORG_URL}"
|
|
CA_DIR="ca_${UNIQ_ID_CA}"
|
|
mkdir $CA_DIR
|
|
cd $CA_DIR
|
|
FQ_CA_DIR=`pwd`
|
|
FQ_CA_CERT="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.crt.pem"
|
|
FQ_CA_KEYS="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.keys.pem"
|
|
|
|
# initialize the functions lib
|
|
pki_func_init $FQ_CA_CERT $FQ_CA_KEYS "${CD_ROOT}/cnf/"
|
|
|
|
# generate a new CA
|
|
gen_ca $UNIQ_ID_CA $SERIAL
|
|
cd ..
|
|
}
|
|
|
|
|
|
main() {
|
|
CD_ROOT=`pwd`
|
|
LIB_PATH="${CD_ROOT}/libs"
|
|
|
|
app_init
|
|
one-time-ca
|
|
ca-i_gen_pki $ORG_URL 1001 2
|
|
# ca-i_gen_pki $ORG_URL 2001 5
|
|
# ca-i_gen_pki $ORG_URL 3001 8
|
|
|
|
# make sure we return to root execution path
|
|
cd "${CD_ROOT}"
|
|
}
|
|
|
|
|
|
# ***** ***** ***** ***** ***** ***** ***** ***** ***** ***** ***** *****
|
|
#
|
|
# main execution begins here (because all the functions have to be defined)
|
|
#
|
|
# ***** ***** ***** ***** ***** ***** ***** ***** ***** ***** ***** *****
|
|
|
|
main
|
|
|
|
# ***** ***** ***** *****
|
|
#
|
|
#
|
|
#
|
|
# ***** ***** ***** *****
|